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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER. FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )M Responsive to communication(s) filed on 13 March 2006 . 
2a)^ Tills action is FINAL. 2b)n This action is non-final. 

3) n Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) 13 Claim(s) 1-6,9-17.20 and 21 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) 0 Claim(s) is/are allowed. 

6) ^ Claim(s) 1-6,9-17 and 20 is/are rejected. 

Claim{s) 21_ is/are objected to. 

8) n Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) 0 The specification is objected to by the Examiner. 

10)0 The drawing(s) filed on is/are: a)\3 accepted or b)n objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the con-ection is required if the drawing{s) is objected to. See 37 CFR 1 .121 (d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-1 52. 

Priority under 35 U.S.C. § 119 

12)0 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19{a)-(d) or (f). 
a)n All b)n Some * c)^ None of: 

1 .□ Certified copies of the priority documents have been received. 

2. n Certified copies of the priority documents have been received in Application No, . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

1 . The following is a final office action in response to communications received 
03/15/2006. Claims 7-8 and 18-19 have been canceled. Claims 1, 9, 10, 17, and 20 have been 
amended. Claim 21 has been added. Claims 1-6, 9-17, and 20-21 are pending in this 
application. 

Response to Amendment 

2. Applicant's amendments to the specification are sufficient to overcome the specification 
objections set forth in the previous office action. 

3. Applicant's amendments to the drawings are sufficient to overcome the drawing 
objections set forth in the previous office action. 

4. Applicant's cancellation of claims 7-8 and 18-19 are sufficient to overcome the 35 USC 
112, first paragraph, rejections set forth in the previous office action. 

Allowable Subject Matter 

5. Claim 21 is objected to as being dependent upon a rejected base claim, but would be 
allowable if rewritten in independent fomi including all of the limitations of the base claim and 
any intervening claims. 

Claim Rejections - 35 USC § 102 

6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 
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7. Claims 1-5, 9-16, and 20 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Barton et al. (U.S. 2002/0059093). 

As per claim 1, Barton et al. teaches a method for use in compliance management, 
comprising; 

presenting, via a computer network, at least one user with a series of questions relating to 
at least one business category (See figure 11, paragraphs 0010, 0012-4, 0049, 0051, wherein 
questions are presented via the network conceming compliance risk); 

soliciting, via the computer network, a response from the at least one user for each 
question presented (See paragraphs 0010, 0012-4, 0049, 0051, 0060, wherein the questions are 
answered); 

determining a detection index based on the number of responses to each of the series of 
questions (See paragraphs 0081 and 0084, wherein detection is determined); 

determining an occurrence index based on the potential consequence of non-compliance 
(See paragraphs 0007, 0081, and 0084, wherein occurrence index is determined); 

determining a standard severity risk index based on the expected severity of non- 
compliance (See paragraphs 0068, 0072-3, 0075, 0081, 0084, wherein severity indexes are 
considered); and 

prioritizing, via the computer network, the at least one business category based on the at 
least one user's responses and at least one total risk score comprising the product of the detection, 
occurrence, and standard severity risk indices (See paragraphs 0081, 0084-7, wherein a risk score 
is calculated based on these factors. See also paragraphs 0068-9, 0072, 0081, 0090-1, where risk 
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prioritization numbers are generated to determine the order to handle the risk areas of the 
business). 

As per claim 2, Barton et al. discloses wherein the user response comprises a "Yes" or 
"No" (See paragraphs 0060 and 0064, wherein the questions are answered yes/no). 

As per claim 3, Barton et al. discloses wherein at the least one standard severity risk 
index comprises a number between 1 and 10 corresponding to a specific level of risk (See 
paragraph 0060, 0068, 0072-5, wherein severity is valued 1-10). 

As per claim 4, Barton et al. discloses wherein the number "1" comprises the lowest level 
of risk severity, and the number "10" the highest level of severity (See paragraph 0060, 0068, 
0072-5, wherein 1 is low and 10 is high severity). 

As per claim 5, Barton et al. teaches wherein the at least one standard severity risk index 
corresponds to the at least one business category (See paragraph 0040, 0060, 0068, 0072-5, 
which corresponds to at least one business category. See also figure 11). 

As per claim 9, Barton et al. teaches ranking the at least one business category based on 
the at least one total risk score (See paragraphs 0081, 0084-7, wherein a risk score is calculated. 
See also paragraphs 0068-9, 0072-5, 0081, 0090-1, where risk is prioritized). 

As per claim 10, Barton et al. teaches a system for use in compUance management, 
comprising: 

a query module associated with an engine for presenting at least one user with a series of 
questions relating to at least one business category, and for soliciting and receiving responses 
from the at least one user for each question presented (See figure 11, paragraphs 0010, 0012-4, 
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0049, 0051, 0060, wherein questions are presented via the network concerning compliance risk 
and answers are received);; 

a prioritization module associated with the engine for: (1) determining a detection index 
based on the number of responses to each of the series of questions, determining an occurrence 
index based on the potential consequence of non-compliance, and determining a standard 
severity risk index based on the expected severity of non-compliances (See paragraphs 0068, 
0072-3, 0075, 0081, 0084, wherein a detection, occurrence, and severity index are determined) 
and (2) prioritizing the at least one business category based on the at least one user's responses 
and at least one total risk score comprising the product of a detection, occurrence and standard 
severity risk indices (See paragraphs 0081, 0084-7, wherein a risk score is calculated based on 
these factors. See also paragraphs 0068-9, 0072, 0081, 0090-1, where risk prioritization numbers 
are generated to determine the order to handle the risk areas of the business). 

As per claim 11, Barton et al. wherein the series of questions are presented to the user 
over a communications network (See figure 11, paragraphs 0010, 0012-4, 0049, 0051, 0060, 
wherein questions are presented via the network). 

As per claim 12, Barton et al. wherein an administration module associated with the 
engine for inputting, updating and accessing data associated with the query and prioritization 
modules, the administration module being accessible to an administrator of the system via an 
administration interface (See paragraphs 0012-3, 0048-51, 0060, 0064, wherein an administrator 
and interface is disclosed). 

Claims 13-16 and 20 recite equivalent limitations to claims 2-5 and 9, respectively, and 
are therefore rejected using the same art and rationale as applied above. 
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Claim Rejections - 35 USC § 103 

8. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

9. Claims 6 and 17 are rejected under 35 U.S.C. 103(a) as being unpatentable over Barton et 
al. (U.S. 2002/0059093) 

As per claim 6, Barton et al. discloses the step of determining a detection index based on 
the at least one user's responses, and the number of users (See paragraphs 0065 and 0084, 
wherein the detection index is determined based on the responses from the at least one user). 
Barton et al. also generates a score based on the number of questions presented (i.e. "opps") (See 
paragraphs 0065 and 0084, where the number of questions presented (ie opportunities) are used 
to determine a score). However, Barton et al. does not expressly disclose using the number of 
questions presented to determine a detection index. 

Barton et al. discloses a detection index being determined which is used to determine a 
risk Score. Barton et al. also discloses using information conceming the number of questions 
presented (and response opportunities) to score risk. Using the number of questions presented as 
a baseline for frequency of response is well known in surveys. Therefore, it would have been 
obvious to one of ordinary skill in the art at the time of the invention to use the number of 
questions presented (ie opportunities) when calculating the detection index in order to more 
efficiently determine the potential for failure conceming a business risk by judging the frequency 
of response. See paragraphs 0065 and 0084. 
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Claim 17 recites equivalent limitations to claim 6 and is therefore rejected using the same 
art and rationale as appUed above. 

Response to Arguments 
10. AppHcant's arguments with respect to claims 1-6, 9-17, and 20-21 have been considered 
but are moot in view of the new grounds of rejection, as necessitated by amendment. 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

Buddie et al. (U.S. 6,912,502) discloses calculating a risk scores for areas of risk using 
the data of severity, occurrence, and detention, and ranking the risk areas in a matrix. 

Barrett et al. (U.S. 6,029,144) discloses a system that checks for compliance issues. 

Beverina et al. (U.S. 2001/0027389) discloses using questionnaires to detect the 
occurrence of risk. 

Davies et al. (U.S. 2003/0033191) discloses using questionnaires for risk assessment and 
to generate a risk score. 

Alberts et al. ("An Introduction to the OCTAVE Method") discloses a computer based 
method for risk assessment. 

Bums et al (NASA Risk Assessement and Management Roadmap) discloses a technique 
to assess risk by business area and rank the risks by determining the severity and probabihty of 
occurrence. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Beth Van Doren whose telephone number is (571) 272-6737. 
The examiner can normally be reached on M-F, 8:30-5:00. 

If attempts to reach the examiner by telephone are xmsuccessful, the examiner's 
supervisor, Tariq Hafiz can be reached on (571) 272-6729. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for pubUshed applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpubUshed 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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